John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently saw a tongue-in-cheek tweet from Howard Green, MD about how healthcare shares data:

#hdpalooza Here's how we share data. I enter data into my EMR into the late evening hours and my EMR company sells that data to industry.

There has always been a disconnect between providers and EHR vendors saying they can’t share data and then EHR vendors can easily sell and share EHR data to the healthcare industry. If you don’t think this happens at large scales in healthcare, then you need to look no further than IMS which last I checked was a multi billion dollar public company on the back of our health data.

The “sharing” or should we say selling of EHR data is big business and happening a lot more than we realize. I know the Patient Privacy Rights organization was trying to make a map of all the ways your health data was being shared. However, you can imagine that’s an almost impossible task to accomplish. I think most of us would be shocked to see how far and wide are health data is shared.

I wonder how many doctors know the answer to this question, “Does your EHR sell your EHR data?”

My guess is that most doctors assume that their EHR data is not being sold. For a number of EHR vendors, that’s probably true. However, my guess is that most doctors don’t know their EHR vendor’s policy on selling EHR data. If you don’t know, you should ask your EHR vendor and find out.

For those EHR vendors that are selling EHR data, you can be sure that they will happily reply that any EHR data they sell is de-identified. They’ll argue that it’s not a violation of HIPAA because it doesn’t have any PHI because they’ve de-identified the data and only sell the data in aggregate. No doubt there are many that would argue that there’s no perfect way to totally de-identify your EHR data and that when combined with other sources, they can often identify your patients.

This is big business and so it’s easy to see why an EHR vendor would give the go ahead to de-identify and sell the data stored in their EHR. Although, it is disappointing when they’re doing this and their users don’t know that’s the case.

If you’ve asked your vendor if they sell your EHR data, we’d love to hear what they say. How did they respond? Are you ok with your EHR selling your de-identified EHR data?

One response to "Does Your EHR Sell Your EHR Data?"

I haven’t asked my doctor/their EHR vendor if they sell my data, but I am more than OK with them selling my de-identified data. Am I naive to think they are selling the data to improve healthcare? I think of de-identified data as being very useful to people who are trying to study how to improve healthcare. And I don’t think there are many people out there trying to reverse engineer my identity with de-identified data.

I’m admittedly a person who does not worry much about privacy, but that is mostly because no one has given me a compelling argument to be concerned. Why should I expect de-identified data will be used for harm instead of good?